China’s cyber operatives have infiltrated computer networks controlling critical U.S. infrastructure, preparing for potential future disruptions, according to the National Security Agency (NSA) director. Air Force Gen. Timothy Haugh, who also leads U.S. Cyber Command, revealed that Chinese hackers have been positioning cyber tools in ways that suggest preparations for large-scale sabotage rather than intelligence gathering.
Gen. Haugh expressed concerns over these activities, noting their unique military nature. “We see attempts to be latent in a network that is critical infrastructure, that has no intelligence value, which is why it is so concerning,” he told The Wall Street Journal. The primary threat stems from China’s “Volt Typhoon” cyber targeting program, which has infiltrated systems controlling water and other critical infrastructure on Guam, a key U.S. military hub in the Pacific.
The NSA and Microsoft exposed the Volt Typhoon intrusion program in May 2023, identifying sectors such as communications, transportation, and maritime as targets. The infiltration continues, posing ongoing risks. These developments come amid rising tensions between the U.S. and China over issues like Taiwan and territorial disputes in the South and East China Seas.
Gen. Haugh noted that cyberattacks could be a precursor to broader conflicts, targeting U.S. networks operating essential services like electric power, transportation, and water systems. “Sabotaging those networks would cause massive disruptions and potentially a large-scale loss of lives,” he warned, emphasizing the particular threat to civilian water supplies.
China’s People’s Liberation Army (PLA) employs a strategy known as “unrestricted warfare,” which advocates for using all forms of warfare to secure victory. This approach is evident in the PLA’s cyber activities, which include targeting U.S. military networks. Gen. Haugh indicated that the U.S. military remains vigilant against such threats, expecting further areas of penetration by Beijing to be uncovered.
Raising public awareness of these threats is a strategic move by the U.S. government. Gen. Haugh emphasized the need to “make the tradecraft widely known” to counteract the intrusions effectively. Unlike cyber operations designed to steal data, which are more easily tracked, the infrastructure intrusions by Volt Typhoon hackers are harder to detect. These hackers use a method called “living off the land,” in which they gain access to a network by masquerading as authorized users and then use the system’s own tools to prepare for sabotage.
High-level U.S. officials, including FBI Director Christopher Wray and Energy Secretary Jennifer Granholm, have underscored the severity of the threat. In Senate testimony, Secretary Granholm and Jill Hruby, director of the National Nuclear Security Administration, described Volt Typhoon’s access to critical energy infrastructure as a significant cause for alarm.